Journal of the Korea Society of Computer and Information (한국컴퓨터정보학회논문지)

Korean Society of Computer Information (한국컴퓨터정보학회)
권호 표지
DOI QR코드

DOI QR Code

Improved User Anonymity Authentication Scheme using Smart Card for Traceability

추적 가능성을 위한 스마트카드 기반의 개선된 사용자 익명성 인증기법

  • Park, Mi-Og (Division. of Computer Science Engineering, Sungkyul University)
  • 박미옥 (성결대학교 컴퓨터공학부)
  • Received : 2012.11.06
  • Accepted : 2012.11.15
  • Published : 2012.11.30
Download PDF
⟨ Previous Next ⟩

Abstract

Authentication schemes preserving user anonymity have first been proposed by Das et al, and most of user anonymity schemes provide user anonymity against outside attacks in the communication channel. In this paper, according to the increasing of personal information exposure incidents by server attack, we propose a new authentication scheme that provides user anonymity against server as well as one against outside attacks in the communication channel. Furthermore, the proposed authentication scheme provides traceability that remote server should be able to trace the malicious user and it also solves the problem of increasing computational load of remote server by solving weakness of wrong password input by mistake.

사용자 익명성 제공 인증기법은 Das 등에 의해 처음으로 제안되었으며, 대부분의 사용자 익명성 기법들은 통신 채널상의 외부공격에 대한 사용자 익명성을 제공한다. 본 논문에서는 서버 공격에 의한 개인정보 노출 사고가 증가함에 따라, 외부공격에 대한 사용자 익명성뿐만 아니라 서버에 대한 사용자 익명성을 제공하는 새로운 인증기법을 제안한다. 더욱이 제안 인증기법은 원격 서버가 악의적인 사용자를 추적할 수 있는 기능을 제공하며, 패스워드 오입력시의 취약점을 개선하여 원격 서버의 계산로드가 증가하는 문제도 함께 해결한다.

Keywords

References

  1. E. Smirni, and G. Ciardo, "Workload-Aware Load Balancing for ClusterWeb Servers," IEEE Trans. on Parallel and Distributed Systems, Vol. 16, No. 3, pp. 219-232, March 2005. https://doi.org/10.1109/TPDS.2005.38
  2. M. S. Hwang, C. C. Lee, Y. L. Tang, "ASimple Remote User Authentication Scheme," Mathematical and Computer Modeling 36, pp.103-107, 2002. https://doi.org/10.1016/S0895-7177(02)00106-1
  3. E. J. Yoon, E. K. Ryu, and K. Y. Yoo, "An improvements of Hwang-Lee-Tang's simple remote user authentication scheme," Computer and Security 24, pp.50-56, 2005. https://doi.org/10.1016/j.cose.2004.06.004
  4. H. M. Sun, "An Efficient Remote Use Authentication Scheme Using Smart Cards," IEEE Transaction on Consumer Electronics, Vol.46, No.4, pp.958-961, November 2000. https://doi.org/10.1109/30.920446
  5. H.Y.Chien, J.K.Jan, and Y.M.Tseng, "An Efficient and Practical Solution to Remote Authentication: Smart Card," Computer and Security, Vol.2, No.4, pp.372-375, 2002.
  6. H.C.Hsiang and W.K.Shih, "Weakness and improvements of the Yoon-Ryu-Yoo remote user authentication scheme using smart cards," Computer Communications 32, pp.649-652, 2009. https://doi.org/10.1016/j.comcom.2008.11.019
  7. K. L. Das, A. Saxena, and V. P. Gulati, "A dynamic ID-based remote user authentication scheme," IEEE Transactions on Consumer Electronics, Vol.50, No.2, pp.629-631, 2004 https://doi.org/10.1109/TCE.2004.1309441
  8. H.Y.Chien, and C.H.Chen, "A remote authentication scheme preserving user anonymity," IEEE AINA'05, Vol.2, pp.245-248, March 2005.
  9. L. Hu, Y, Yang, and X. Niu, "Improved Remote User Authentication Scheme Preserving User Anonymity," Fifth Annual Conference on Communication Network and Services Research(CNSR), pp.323-328, 2007
  10. W. B. Horng, C. P. Lee, and J.W. Peng, "A Secure Remote Authentication Scheme Preserving User Anonymity with Non-Tamper Resistant Smart Cards," WSEAS TRANSACTIONS on INFORMATION SCIENCE and APPLICATIONS, Issue 5, Vol.7, pp.619-628, May 2010.
  11. E. Brier, C. Clavier, and F. Olivier, "Correlation Power Analysis with a Leakage Model," Lecture Notes in Computer Science, Vol.3156, pp.135-152, 2004.
  12. S. Mangard, N. Pramstaller, and E. Oswald, "Successfully attacking masked AES hardware implementations," Lecture Notes in Computer Science, Vol.3659, pp.157-171, 2005.
  13. O. Choudary (osc22), "Breaking Smartcards Using Power Analysis", University of Cambridge.
  14. Y. R. Baek, K. E. Gil, J.C.Ha, "Aremote Protocol Using Smart Card to Guarantee User Anonymity", Journal of Korea Society for Internet Information, Vol.10, No.6, pp.229-239, 2009
  15. C. S. Bindu, P. C. S. Reddy, and B. Satyanarayana, "Improved Remote User Authentication Scheme Preserving User Anonymity," IJCSNS International Journal of Computer Science and Network Security, Vol.8 No.3, pp.62-66, March 2008.
  16. S. I. Kim, J. Y. Chun, andD.H. Lee, "AnonymityUser Authentication Scheme with Smart Cards preserving Traceability", Journal of Korea Institutes Information Security and Cryptology, Vol.18,No.5, pp.31-39, 2008. 10.